So what happened to the burning issue of 2018?
Fearmongering about GDPR died down after it came into effect, but it is likely that the next few months will reveal the results of enforcement actions.
There’s no doubt the burning issue of 2018 for email marketers was GDPR, particularly up to the implementation of the legislation last May, but as we steam into 2019, I’m wondering, what was all the fuss about?
Certainly, here at GroupMail, we found it to be something of a non-event after the launch date, and we received very little feedback or comment from customers on GDPR.
Basically, it felt like a damp squib. The sky didn’t fall on the heads of the non-compliant, the fear-mongering that was part of daily life up to the May 25th deadline was not replaced by cautionary tales of massive fines for breaches of the legislation. Indeed, business as usual appears to have been the order of the day.
The reality is that although we know GDPR is now law, we don’t know the cost of non-compliance. We do, however, know the costs of complying with the law. By and large, for email marketers, they shouldn’t have been too prohibitive – with the main ongoing cost being making sure that new unsubscribes continue to be monitored.
But for some Irish businesses compliance has been an expensive proposition.
In late November, Mazars and McCann FitzGerald released their third annual GDPR-awareness report, and it found that 58 percent of Irish businesses calculated their GDPR-related costs as being between €50,000 and €250,000.
The report also suggests that Irish businesses as a whole feel they are on top of the issue – with 84 percent saying they are materially compliant with the legislation. However, Paul Lavery, Partner and Head of Technology & Innovation with McCann FitzGerald, sounded a note of caution about the confidence among Irish businesses. “This optimism is likely to be tested in the coming months as enforcement actions and data subject activism start to kick in.”
And that is the nub of the matter. Enforcement actions have yet to kick in, but they will.
The seven months since GDPR came into effect have really been about investigating complaints and building cases around them. The fruits of those labours should be evident soon, and we should get a clear picture of the way data commissioners are implementing the law – in terms of the scale of fines and the degree to which a spirit of compliance is considered when calculating them.
Initially, complaints against major companies like Facebook and Google or the one alleging that Ireland’s Department of Social Protection interfered with the role of its data protection officer, which is an offence under GDPR, will grab all the headlines. But, in time, a pattern will emerge that will tell us how more mundane breaches are handled.
Meanwhile, one thing is certain: the introduction of GDPR led to a Europe-wide surge in consumers contacting data commissioners with complaints relating to data breaches. For anyone sending marketing emails, this in itself is a strong argument for compliance – if our customers are conscious of their rights and keen to protect them, we should be too!
Our FAQs on GDPR compliance and email marketing should help you with the process: https://group-mail.com/email-marketing/gdpr-email-marketing-faq/